The Government has today (December 1) released the report of the Inter-departmental Working Group on Computer Related Crime for public consultation.

At a press conference held this afternoon on the report of the Working Group, the Deputy Secretary for Security, Miss Cheung Siu-hing, gave a detailed account of the recommendations made in the report.

"The Working Group has outlined a framework for improving the existing regime of measures to tackle computer-related crimes. It should provide a basis on which future work may be done," said Miss Cheung.

Miss Cheung pointed out that it had always been the Government's aim to ensure that our response to crime keep pace with technological developments.

"The phenomenal increase in computer use over the past few years had been accompanied by an increase in computer-related crimes as well. The Working Group was therefore established in March this year to examine existing legislation and related issues regarding computer crime. Its ultimate aim was to contribute to the total effort of providing an environment conducive to the legitimate use of the computer and the Internet," she said.

Miss Cheung explained that the approach adopted by the Working Group was a macro one, focusing on identifying solutions that might be applied across the board.

"The Working Group considered it unnecessary for it to deal with all crimes that may be committed via the computer or the Internet. These should continue to be considered in their relevant policy context.

"However, the tackling of these crimes will benefit from the Working Group's recommendations to strengthen the overall environment for law enforcement against computer crime," Miss Cheung said.

The recommendations made by the Working Group cover both legislative and administrative measures.

"In drawing up these measures, the Working Group has been mindful of the need to balance law enforcement facilitation on the one hand and the likely cost of compliance on the other hand.

"Moreover, given the transborder nature of computer crime, the Working Group has also been mindful of the need to ensure that the proposed framework is in line with current international thinking on this subject," Miss Cheung added.

"The Working Group has found that the thrust of existing legislation on computer crime is largely along the right lines. There is nonetheless room for improvement in two areas - the inconsistency in treatment between crimes of similar nature in the physical and cyber worlds as well as the apparent inability of certain legal concepts to catch up with the information age."

In this regard, the Working Group has recommended the following legislative changes -

- strengthening and rationalising the penalties for certain computer offences such as hacking;

- extending the coverage of protected computer data from programmes and data stored in a computer to programmes and data at all stages of storage or transmission, and from unauthorised access by telecommunications only to unauthorised by any means;

- prohibiting the trafficking of data obtained through unauthorised access to computer;

- prohibiting the making available of computer passwords or access codes for wrongful gain, an unlawful purpose or causing wrongful loss to another;

- requiring the compulsory disclosure of the decryption tools or decrypted text of encoded computer records for more serious offences, subject to judicial scrutiny.

Miss Cheung said that most of these proposals were built on existing legislation. For example, the Working Group had recommended bringing the penalty for the offence of accessing a computer with a dishonest intent to deceive (five years' imprisonment) on par with that for deception offences in general (ten to 14 years). In addition, with regard to the compulsory disclosure of the decryption key or decrypted text, there were already provisions for computer records to be provided in a "visible and legible" form in some existing ordinances.

"The Working Group has emphasised that it will not be enough to rely on legislation alone to combat computer crime. Its report has therefore devoted considerable coverage to administrative measures which include working out an administrative guideline for Internet service providers and conducting a thorough risk assessment of our critical infrastructures in respect of cyber attacks," she said.

In addition, the report recommends a mechanism to co-ordinate and enhance public education and encourages participation of the private sector in running programmes and activities to promote the proper use of the Internet, security awareness and education.

"As computer and Internet use has become part of our everyday life, information security issues should be a matter of concern for many. Before coming to a firm view on whether to accept the Working Group's recommendations, therefore, we would like to seek the public's views on the issues raised and the recommendations made in the report.

"Members of the community and interested parties are welcome to give their views on the report during the consultation period from December 1, 2000 to January 31, 2001. We hope that the accepted recommendations will be implemented as soon as practicable," Miss Cheung added.